
'Not to mention that the government has trusted signing keys and can generate SSL certificates for any site' do you have anywhere I could read more about this?


well if you know about this http://en.wikipedia.org/wiki/Certificate_authority and you know about our government's secret subpoenas/courts then you should be able to connect the dots yourself. The fed can (theoretically) force a CA to give up its keys with a secret court order and the general public may never find out about it.


I was under the impression that the CAs only know what public keys were tied to which domain. The CAs shouldn't have the private key... I'll look into it some more.


The certificate authority can issue certificates for absolutely anything (any domain) they want and your software will happily claim it's valid if the CA is trusted.

That is why the CA-system is a joke, you only need to compromise any of the CAs that are trusted by default to fool all certificate users.


Modulo certificate pinning.


I'm sure you probably know most of this but as a brief refresher for other viewers, here's the basic process. So when you want to buy a SSL cert for yourdomain.com you first generate your private key yourself securely on your computer and don't share this private key with any third party ever. You then need to prove that you really are the owner of yourdomain.com and that the new key you just made really is the legitimate key for your site. The way you do this is by creating a certificate signing request that includes your public key and the domain that you want to use that key with. You then need to get a certificate authority to sign a certificate that says that anyone going to yourdomain.com can use your new public key until 2016.

The big problem with this is that even though nobody knows your private key, they don't know your public key either, they have to rely on knowing the CA's public key and accept whatever public key they get when they connect so long as the CA says that the key is kosher. So let's say the NSA wants to track what you're doing on yourdomain.com, they just send a secret court order to VeriSign saying that they must turn over their private key that they use to sign certificates because computer security is a terrorist threat. Now they just use their own public key and send you a cert signed by VeriSign saying that the NSA key is the correct key to use. Because the NSA has more or less privileged network access they can intercept traffic going to the IP address for yourdomain.com and just do a standard MITM but replacing the good SSL cert with their bad one.

What complicates things further is that there are tons and tons of CAs out there that are trusted by default and there's no isolation (AFAIK) such as "only these 10 CAs can sign certs for .com" so when the Iranian government wants to dish out some Orwellian justice on its citizens they now have that huge mountain of targets to choose from because getting into one CA in the world (like DigiNotar) means that they can essentially break vanilla SSL until that CA's public key is blacklisted and all of the clients are aware of the revocation.

Just as a disclaimer, this was rather simplified but I feel like that's close enough to get the point across.
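The process described in the comment above (private key generated locally, CSR carrying the public key and domain, CA signature, client trusting whichever default CA vouches for the name) and the "modulo certificate pinning" reply earlier in the thread can both be reproduced with the openssl command line. The script below is an added example written for this page, not code from any commenter; it builds a throwaway PKI in a temp directory with constructed names (honest_ca, other_ca, yourdomain.com) and then shows what a client's default trust store accepts versus what a pinning client accepts.

```shell
#!/bin/sh
# Added example (not from the thread): a toy PKI built with the openssl CLI.
# Constructed names: honest_ca, other_ca, yourdomain.com; everything lives in a temp dir.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# A CA is a key pair plus a self-signed root certificate that clients ship by default.
make_ca() {  # $1 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Site owner: the private key never leaves this machine; the CSR carries only the
# public key and the domain the owner wants it bound to.
make_key_and_csr() {  # $1 = key file, $2 = CSR file, $3 = domain
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$3" \
    -keyout "$1" -out "$2" 2>/dev/null
}

# The CA signs the CSR, producing the certificate that clients will accept.
issue_cert() {  # $1 = CA name, $2 = CSR file, $3 = output cert
  openssl x509 -req -in "$2" -CA "$1.crt" -CAkey "$1.key" -CAcreateserial \
    -days 365 -sha256 -out "$3" 2>/dev/null
}

# Plain client check: does the cert chain to ANY root in the trust bundle?
verify_against_store() {  # $1 = bundle, $2 = cert -> prints valid|invalid
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo valid
  else
    echo invalid
  fi
}

# SPKI pin: SHA-256 over the DER-encoded public key inside a certificate.
spki_pin() {  # $1 = cert -> prints hex digest
  openssl x509 -in "$1" -pubkey -noout \
    | openssl pkey -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Pinned client check: the chain must validate AND the leaf key must match the pin.
pinned_check() {  # $1 = bundle, $2 = cert, $3 = expected pin -> valid|invalid
  if [ "$(verify_against_store "$1" "$2")" = valid ] && [ "$(spki_pin "$2")" = "$3" ]; then
    echo valid
  else
    echo invalid
  fi
}

# --- Scenario -----------------------------------------------------------------
make_ca honest_ca                                # the CA yourdomain.com actually used
make_ca other_ca                                 # another CA clients also trust by default
cat honest_ca.crt other_ca.crt > trusted.pem     # the client's default trust store

make_key_and_csr site.key site.csr yourdomain.com
issue_cert honest_ca site.csr site.crt

# A second key pair for the same name, signed by the other trusted CA. Nothing in
# the client's bundle says "only honest_ca may vouch for yourdomain.com".
make_key_and_csr impostor.key impostor.csr yourdomain.com
issue_cert other_ca impostor.csr impostor.crt

PIN=$(spki_pin site.crt)   # what a pinning client recorded on an earlier, good connection

echo "legitimate cert, default store:  $(verify_against_store trusted.pem site.crt)"
echo "impostor cert,   default store:  $(verify_against_store trusted.pem impostor.crt)"
echo "impostor cert,   honest CA only: $(verify_against_store honest_ca.crt impostor.crt)"
echo "legitimate cert, pinned client:  $(pinned_check trusted.pem site.crt "$PIN")"
echo "impostor cert,   pinned client:  $(pinned_check trusted.pem impostor.crt "$PIN")"
```

The first two lines of output are the thread's point: with a flat trust store both certificates validate, because the store records which CAs are trusted, not which CA is allowed to speak for a given domain. The last line is the "modulo certificate pinning" reply: a client that remembers the site's SPKI hash rejects the second certificate even though its chain is fine. The trade-off is that a pin must be rotated along with the key, so real deployments pin to a backup key as well.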



